On Tue, May 17, 2016 at 08:52:28AM -0600, Todd C. Miller wrote:
> On Tue, 17 May 2016 16:21:47 +0200, Theo Buehler wrote:
>
> > I agree with your diagnosis. skeyinit tries to fchown the file to the
> > target user and gets EPERM since it is running with pledge.
> >
> > Here's a patch that disables pledge for skeyinit if it is run as root
> > and there is a target user specified. It should be possible to pledge
> > after the fchown() call, but I haven't had the time to investigate this,
> > yet.
>
> Why not just set the euid to the user so the file gets created with
> the proper ID?

much better. ok tb@